MBR:Alureon-0 [Rtk] [Solved]

dsu1979

Posted 31 March 2014 - 05:03 PM

Member

16 posts

I've been the UNlucky chosen candidate of receiving the MBR:Alureon-0 [Rtk]. I have searched online high and low on how to fix it. So I've taken steps to do the Avast scans as well as Microsoft Safety Scanner. I am attaching a copy of the aswMBR.txt as well as my disk management. Can anyone please help me get this off of my ASUS CG1330 desktop?

pystryker

Posted 31 March 2014 - 06:23 PM

Hello and welcome to Geeks to Go! My nickname is Pystryker, and I will be helping you with your issue today.

Before we get started, I have a few things I need to go over with you.

Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process.

At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly". This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.

If any of your security programs give you a warning about any tool I ask you to use, please do not worry. All the links and tools I provide to you will be safe.

Please make sure that all the programs I ask you to download are downloaded to and run from your Desktop.

Please make sure you print out these instructions so that you will be able to refer to them while working on your machine. Part of the solution(s) to your problem may involve us working in Safe Mode and you will need them to go by.

Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

Please read through my instructions carefully and make sure you complete them from start to finish. I will make sure that I lay the instructions out in a step by step order to make them easy to follow.

This is a complicated process. It requires several steps, patience, and careful following of my instructions in the order they are given to diagnose your problems to get your machine back in working order.

Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. I promise to do the same for you.

Please make sure you reply within 3 days to my responses, if there is no reply within 3 days, the topic will be closed and you will need to request the topic be reopened.

Before we get started, please remember we will do our best to get your machine repaired. However, there are some cases where the only solution is a reformat and reinstall of the operating system. This is a worst case scenario though.

It is impossible for me to know what interactions may happen between your computer's software and the tools we will use to clean your machine. Therefore, I highly recommend you back up any critical personal files on your machine before we start.

If possible, please have your original Windows installation disks handy, just in case.

If you have any questions at all, please don't hesitate to ask. There's no such thing as a stupid question when dealing with malware.

If you are unsure of an instruction I give you, or if something unexpected occurs, Do NOT proceed! Stop and ask for clarification of the instruction or tell me what occurred.

Please copy and paste the contents of any requested logs in your replies. Do not attach the log files in your replies unless requested to do so.

Please remember, the fixes are for your machine and your machine ONLY!

Once we have cleaned your machine, we'll have some cleanup and prevention steps to go through. We will also provide you with some information about how to reduce your chances of infection and get some protections in place to help defend you against this in the future.

Please be patient while I am analyzing your logs. I know you are probably scared and very frustrated with this problem, but I am a volunteer and sometimes life does get in the way.

Now, let's get started, shall we?

Hello. Let's take a good look at your system and then we can start showing the unwanted guests the door.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.

Place a check in the box marked Addition.txt

Press Scan button.

It will produce a log called FRST.txt in the same directory the tool is run from.

Please copy and paste log back here.

The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

dsu1979

Posted 31 March 2014 - 06:55 PM

Member

Topic Starter

16 posts

I have performed the scan as requested. Below are the results of the scan. As a side note, I have the repair disk I created from my computer, but I do not have an option to reformat the computer to factory settings. I hope it doesn't come to that!

Name: AVG AVI Loader Driver
Description: AVG AVI Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: Avgldx64
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

pystryker

Posted 01 April 2014 - 06:06 AM

Trusted Helper

Malware Removal

3,905 posts

I have performed the scan as requested. Below are the results of the scan. As a side note, I have the repair disk I created from my computer, but I do not have an option to reformat the computer to factory settings. I hope it doesn't come to that!

Hi. We will do our very best to try and make sure it doesn't come to that.

We have some work to do, so let's get started.

Warnings

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

That being said, we do clean this infection all the time here without having to reformat and reinstall. If I had it on my machine, I would still use my machine after it had been cleaned of the infection without a reformat and reinstall.

Multiple Anti-Virus Programs Installed

Your log indicates you have 2 or more anti-virus programs installed on your machine. They are Avast and AVG.

Research shows that having multiple anti-virus programs installed is not a good idea. This is a case of more is not better. They will often conflict with each other, provide false positives, and additional problems.

Please uninstall AVG, however, please wait until the end of the steps to do it. I have to unhide it in Add/Remove Programs so you can see it to remove it. I'll post about it again at the end of the fix.

Please disable your antivirus for the duration of my instructions. Don't forget to re-enable it after you have completed the steps.

Step 1: Program Uninstall and Chrome Changes

Please uninstall the following program from your computer: AVG SafeGuard Toolbar

Double click (Vista and 7 Users) right click the adwcleaner.exe file and click Run as Administrator and accept the UAC prompt to run AdwCleaner.

Close any open windows or browsers.

Pause your Anti-Virus program if it is running.

Once it starts, click on the Scan button.

Let the scan complete itself. This may take a few minutes.

Once the scan has finished, it will say "Pending, uncheck elements you don't want to remove.", don't worry about unchecking anything and then click the Clean button. When finished, it will ask to reboot. Please reboot.

When the machine has rebooted, a log will be produced. Please copy/paste that in your next reply. Here's how:

Click the Report button and the log will open. Copy and Paste the contents of the log file into your next reply.

Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).

It will close all programs when run, so make sure you have saved all your work before you begin.

Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.

Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

Step 5: TDSSKiller

Please download the latest version of TDSSKiller from here and save it to your Desktop.

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

Put a checkmark beside loaded modules.

A reboot will be needed to apply the changes. Do it.

TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.

Then click on Change parameters in TDSSKiller.

Check all boxes then click OK.

Click the Start Scan button.

The scan should take no longer than 2 minutes.

If a suspicious object is detected, the default action will be Skip, click on Continue.

If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options. Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

dsu1979

Posted 01 April 2014 - 03:06 PM

Member

Topic Starter

16 posts

So here's a problem. I can't uninstall Avg 2013 or Avg SafeGuard Toolbar. I go into add/remove programs and I see it listed there. I click to uninstall and nothing happens. I cannot open the program either. :-(

pystryker

Posted 01 April 2014 - 06:11 PM

dsu1979

Posted 01 April 2014 - 09:22 PM

Member

Topic Starter

16 posts

I started the TFC scan right after my last post. It's still going. I think this could be part of my problem. There are an extremely high number of temporary files. I'll probably *hopefully* have that log in the morning and maybe the other depending on how long it takes for that one.

pystryker

Posted 01 April 2014 - 09:24 PM

Trusted Helper

Malware Removal

3,905 posts

I started the TFC scan right after my last post. It's still going. I think this could be part of my problem. There are an extremely high number of temporary files. I'll probably *hopefully* have that log in the morning and maybe the other depending on how long it takes for that one.

That's perfectly fine. That TFC scan can take quite a while, and we need to get rid of all of them. Post whenever is convenient for you, as we'll do this in a time frame that works best for you.

Posted 02 April 2014 - 05:32 AM

dsu1979

Posted 02 April 2014 - 05:08 PM

Member

Topic Starter

16 posts

Try this again.. I'm having trouble accessing the forums and posting my logs. I think I may be trying to post too much at once so I'll break it up. I have the JRT.txt log as well as 2 TDSSKiller logs. I only scanned once, but there are 2 logs in my file now.